From 2dbb6087231c46ec16bd3f478fbe6daa3237fb25 Mon Sep 17 00:00:00 2001 
From: Hongming Wang
Date: Wed, 15 Apr 2026 16:21:58 -0700
Subject: [PATCH] feat(template): wire molecule-hitl + molecule-security-scan into roles (#266, #275)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #266 and #275. Per-role install matrix matching the per-tick #266 triage comment.

## Added plugins

| Role | Plugin | Rationale |
|---|---|---|
| Backend Engineer | molecule-hitl | Scope includes destructive DB migrations + runtime config changes — @requires_approval stops unattended agents from shipping prod schema mutations. |
| DevOps Engineer | molecule-hitl | Scope covers fly deploys + registry pushes + CI pipeline mutations — @requires_approval before destructive infra ops. |
| Security Auditor | molecule-hitl | Gates public issue filing for critical findings; prevents false-positive spam of the tracker. |
| Security Auditor | molecule-security-scan | Primary consumer of gosec/bandit/CVE scanning via builtin_tools/security_scan.py. Security Auditor system prompt already expects to run these tools; this wires them. |

## Per-PR #71 semantics

Each workspace's `plugins:` UNIONs with `defaults.plugins` — these additions don't drop any existing plugin. Security Auditor's list went from 3 → 5; Backend + DevOps Engineer now have a role-specific list layered on top of defaults.

## NOT adding (yet)

Dev Lead / Research Lead / Technical Researcher / QA Engineer / UIUX Designer / PM / Documentation Specialist — none have destructive ops scope in the role description. If you want belt-and-suspenders HITL coverage I can extend this PR; leaving narrow for now.
## Test plan - [x] YAML parses cleanly (python3 -c 'import yaml; yaml.safe_load(...)') - [x] Three edited roles' plugins lists verified by walk-script - [ ] Next org re-import activates the plugins on each workspace container - [ ] Agents invoke request_approval / security_scan from their system prompts after re-import Co-Authored-By: Claude Opus 4.6 (1M context) --- org-templates/molecule-dev/org.yaml | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/org-templates/molecule-dev/org.yaml b/org-templates/molecule-dev/org.yaml index 540930c8..30aed816 100644 --- a/org-templates/molecule-dev/org.yaml +++ b/org-templates/molecule-dev/org.yaml @@ -503,6 +503,11 @@ workspaces: tier: 3 model: opus files_dir: backend-engineer + # #266: HITL gate — Backend Engineer's scope includes destructive + # DB migrations + runtime config changes; the @requires_approval + # decorator stops an unattended agent from shipping a prod + # schema mutation without a human click. UNION with defaults. + plugins: [molecule-hitl] initial_prompt: | You just started as Backend Engineer. Set up silently — do NOT contact other agents. 1. Clone the repo: git clone https://github.com/${GITHUB_REPO}.git /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) @@ -528,6 +533,11 @@ workspaces: tier: 3 model: opus files_dir: devops-engineer + # #266: HITL gate — DevOps Engineer's scope covers fly deploys, + # registry pushes, CI pipeline mutations. Any of these going + # wrong affects every tenant; @requires_approval before + # destructive infra ops is the point. + plugins: [molecule-hitl] initial_prompt: | You just started as DevOps Engineer. Set up silently — do NOT contact other agents. 1. Clone the repo: git clone https://github.com/${GITHUB_REPO}.git /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull) 
@@ -587,12 +597,21 @@ workspaces: tier: 3 model: opus files_dir: security-auditor - # Security Auditor adds three security-critical skills on top of defaults: + # Security Auditor adds security-critical skills on top of defaults: # - molecule-skill-code-review: multi-criteria review for security-relevant PRs # - molecule-skill-cross-vendor-review: adversarial second opinion via non-Claude model # (use ONLY for noteworthy PRs — auth, billing, data) # - molecule-skill-llm-judge: cheap gate that catches "wrong thing shipped" - plugins: [molecule-skill-code-review, molecule-skill-cross-vendor-review, molecule-skill-llm-judge] + # - molecule-security-scan (#275): supply-chain CVE gate via Snyk/pip-audit; wraps + # builtin_tools/security_scan.py — gosec/bandit/etc + # - molecule-hitl (#266): @requires_approval before filing critical issues + # so false-positives don't spam the tracker + plugins: + - molecule-skill-code-review + - molecule-skill-cross-vendor-review + - molecule-skill-llm-judge + - molecule-security-scan + - molecule-hitl initial_prompt: | You just started as Security Auditor. Set up silently — do NOT contact other agents. 1. Clone the repo: git clone https://github.com/${GITHUB_REPO}.git /workspace/repo 2>/dev/null || (cd /workspace/repo && git pull)
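Review bot: In the Backend Engineer hunk (@@ -503,6 +503,11 @@), `plugins: [molecule-hitl]` installs the approval plugin but nothing in the hunk tells the agent when to use it: the `initial_prompt` that follows is unchanged context and never mentions `request_approval`, and the test plan's "Agents invoke request_approval / security_scan from their system prompts after re-import" item is still unchecked. The comment's claim that `@requires_approval` "stops an unattended agent from shipping a prod schema mutation" only holds if the migration and runtime-config tools are actually decorated; suggest either naming in the comment which tools carry the decorator, or adding a line to `initial_prompt` such as `Before running any DB migration or changing runtime config, call request_approval and wait for a human.` so the gate is exercised rather than merely installed.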
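Review bot: The DevOps Engineer hunk (@@ -528,6 +533,11 @@) has the same gap: the comment lists fly deploys, registry pushes and CI pipeline mutations as the operations to gate, but the diff only installs the plugin, and the following `initial_prompt` (unchanged context) gives the agent no instruction to call `request_approval` before any of them. Unlike the Backend comment, this one also does not state that the list UNIONs with `defaults.plugins`; since the commit message depends on PR #71 union semantics to avoid dropping the default skills, suggest the walk-script check in the test plan assert that each edited role's effective plugin list is a superset of `defaults.plugins`, so a later change to override semantics cannot silently strip defaults from these roles.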
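Review bot: In the Security Auditor hunk (@@ -587,12 +597,21 @@) the new comment for `molecule-security-scan` reads "supply-chain CVE gate via Snyk/pip-audit" and on the next line "gosec/bandit/etc", while the commit message table describes it as "gosec/bandit/CVE scanning via builtin_tools/security_scan.py"; pick the one description that matches what `security_scan.py` actually runs. If Snyk is among the tools, note where the workspace container gets its credentials and whether the scan fails closed or open when it cannot authenticate, because this diff provisions no token or environment variable for it and that failure would surface only after re-import, not at the YAML-parse check in the test plan. The conversion of `plugins:` to a block-style list is fine, and dropping "three" from the header comment keeps it accurate now that the list has five entries.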